[SOLVED] Minime server with IPtables forwarding. How to block www by host or IP?

Hola Boys and Girls.

I have a tiny problem. It's not really a problem but something that bothers me a lot. I have a laptop, an old IBM Thinkpad 600E which runs PCLinuxOS 2008 MiniMe with a Nokia N73 set up as a modem and dialed by kppp. I have a USB wifi card in it as well and I am sharing the internet connection with my 4 other ad-hoc wifi network laptops. 1 of them is Windows 2000, 3 others are MiniMe as well. This is done by iptables. I have written and am using 2 little scripts that do it for me.

I have placed it into /home/hagrid/.kde/Autostart and it really works great.

If kppp disconnects for any reason, the laptop reboots itself, connects and continues sharing again.

IPs are static and DNS as well.

My question is:

How can I block certain pages from being accessed in my network?

Is there a file like the blacklist for modules where I can type in an IP or host and nobody will be able to access this page? I don't want to use any extra software, but if what I am planning to do is impossible then what software would you recommend? Would I have to redo the whole server?

I have a few little visitors and they are using www when they are at my place, but I wouldn't really like to explain myself to their parents, who are good friends of mine, why their child could see porn or some other forbidden content on the net and how come the parental filter is not on.

I think you are dreaming, because think of the sheer number of websites you would want to block, and yet your plan is to manually add IPs / websites to a blacklist. I think it would be a full-time job just adding all those sites.

However, if you wanted to use IPTables, you could simply add a drop to your outbound tables, like:

iptables -I OUTPUT 1 -p tcp -d 12.12.12.12 --dport 80 -j DROP
(where 12.12.12.12 is the IP of the porn site).
And then you could add a rule (script to add a rule for each IP address). Also, the more rules you add, the slower your entire network is likely to be, as each rule is processed before allowing the packet out. 50 rules not so bad ... 1000+ you will see some slowdown.

I think it would be easier + less overhead on your laptop and your time to use Squid proxy and some form of free websense.

I have the list of the websites ready so there is no hassle. I like crazy ideas and I just needed to find out if there is a way. Will try your idea and let you know if it works. Would I be able to do something similar with a host? Like for example www.google.ie has a dynamic IP and blocking one IP wouldn't do it.

I am trying to block a few nasty pages. About 30 of them at the most. I have tried your idea from yesterday. iptables -I OUTPUT 1 -p tcp -d 12.12.12.12 --dport 80 -j DROP
(where 12.12.12.12 is the IP of the porn site)
should block it

It's in the repos:
iplist: a list based packet handler
iplist is a list based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP-address and is optimized for thousands of IP-address ranges.
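
For the roughly 30-entry blacklist discussed in this thread, here is an added example (not code from any poster) that turns a list of addresses into iptables rules held in one dedicated chain. On a box that shares its connection, packets from the other laptops are routed and pass through the FORWARD chain, while OUTPUT only sees connections made by the gateway itself, so the chain is hooked into both. The chain name WWWBLOCK and the one-entry-per-line list format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. It only prints iptables commands;
# review them, then pipe the output to `sh` as root to apply.
CHAIN=WWWBLOCK   # assumed chain name, chosen for this example

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one IPv4 address or CIDR per line on stdin ('#' starts a comment line)
# and print the rules that drop port-80 traffic to each destination.
gen_block_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # FORWARD filters traffic routed for the wifi clients; OUTPUT only
    # filters connections made by the gateway laptop itself.
    for hook in FORWARD OUTPUT; do
        echo "iptables -D $hook -j $CHAIN 2>/dev/null"
        echo "iptables -I $hook 1 -j $CHAIN"
    done
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if is_ipv4 "$entry"; then
            echo "iptables -A $CHAIN -p tcp -d $entry --dport 80 -j DROP"
        else
            echo "skipped, not an IPv4 address: $entry" >&2
        fi
    done
}

# Constructed sample blocklist (documentation addresses, not real sites).
gen_block_rules <<'EOF'
192.0.2.10
203.0.113.0/24
www.example.com
EOF
```

Hostnames are skipped on purpose: iptables resolves a name given to -d only once, when the rule is added, so a site whose address changes later is no longer matched.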